GDPR – Basic info

GDPR (or the General Data Protection Regulation) is a new directive from the EU that affects how companies collect and process their customers’ personal data. GDPR will come into effect on May 25, 2018, by which point all businesses in the EU have to become compliant. This article covers the steps we are taking in order to comply with GDPR rules and will hopefully answer any questions you might have.

If you have any questions about GDPR itself, you can find detailed info here. It’s especially useful to read through the FAQ and see what constitutes personal data under GDPR. Many other topics are covered as well.

What are we doing to prepare for GDPR?

We are already consulting with GDPR lawyers, and we’ve taken the first steps to become GDPR compliant. Here’s a list of things we are working on, all of which will be done before GDPR comes into effect:

An internal audit of how we handle the personal data of our customers and their customers. The audit will cover in detail what kind of personal data we process and where that data is stored. DONE – see our DPA for details

An update of our Terms of Service. DONE

A way for our customers to list and delete the personal data we store about any of their customers. DONE – you can search and erase personal data (PD) of customers in chat history

Further necessary adjustments to Smartsupp so it fully complies with GDPR. DONE – see the email we have sent out for details

Does GDPR apply to my use of Smartsupp?

GDPR affects all businesses and entities in the EU that process or store personal data. So the answer to that question depends on whether you collect personal data of your visitors or customers in Smartsupp. As your customers might send you their personal information in chat, you most probably do.

It’s worth mentioning that your use of Smartsupp is still completely legal under GDPR if you collect personal data of customers through Smartsupp (e.g. name or email). In this case you need to make sure you take the steps described below.

What steps do I need to take as a Smartsupp customer?

The first thing you should do is notify your customers and visitors that their personal data might be processed by third parties, including Smartsupp. We recommend that you add the following text to your Privacy Policy or Terms & Conditions (the full name and VAT ID of our company need to be included):

“Your personal data might be collected by us or 3rd parties, such as Smartsupp.com, s.r.o., VAT ID CZ03668681”.

GDPR sets a new legal structure for personal data governance. From a legal point of view, you are the Data Controller of the personal data of your customers or visitors, and Smartsupp is a Data Processor of that data on your behalf. This means that you collect your customers’ personal data and are responsible for it. By using Smartsupp, you pass that personal data to us for processing, but you are still the controller of that data. You should update your Privacy Policy and Terms & Conditions to reflect this. You can find more info on Data Controllers and Data Processors here.

We recommend you consult a lawyer in your country about GDPR to make sure you are compliant. For any legal questions regarding GDPR in connection with Smartsupp, or if you believe some information in this article is incomplete or incorrect, you can contact me at privacy@smartsupp.com.